Event logging of domains or of a category that has been blocked in a security report is a misconfiguration issue in the customers environment where valid DNS queries and traffic is overwhelming the reporting/logging system, resulting in a lot of noise. For more information, see Event Logging of a Domain or Category Blocked in a Security Report.
The Data Exfiltration, Malware, Command & Control, and Summary reports are not tied to your organization's custom whitelist and should not be reported as RPZ events. As such, they are reporting Threat Intelligence detections and exist independent of the DNS Firewall. If you have your DNS Threat policy set to "log, allow," these will continue to show up. To remedy this, only the Security Report should be used when interpreting DNS Firewall activity